What is an ACL?

An Access Control List (ACL) is an ordered set of rules, most often used to filter network traffic. In the general sense an ACL specifies which subjects are granted access to an object and which operations they may perform; on a network device each rule specifies which traffic is permitted or denied. ACLs can be configured on any network device with packet-filtering capability, such as a router or a firewall.

An ACL contains an ordered list of conditions that determine whether a packet is permitted or denied. The list is applied to an interface in one direction, inbound or outbound, so it filters packets entering or leaving that interface. There are two types of ACLs on a Cisco device:

  • Standard Access Control List (filters on the source IP address only)
  • Extended Access Control List (filters on protocol, source and destination address, and port)

ACLs are among the most commonly used features of Cisco IOS software. They can perform the following tasks in a network:

Increase Network Performance

ACLs can improve network performance by reducing the load on the network. For example, if company policy does not allow video traffic on the network, an ACL can block that traffic at the edge, leaving the bandwidth for the traffic that is allowed.

Traffic Flow Control

ACLs can restrict the delivery of routing updates to the links where those updates are needed, which preserves network bandwidth.

Network Security

An ACL also provides a basic level of network security. For example, it can allow one host to reach a part of the network while blocking another host from reaching the same area. Standard and extended ACLs are stateless packet filters, so they are a first layer of defence rather than a replacement for a firewall.

Filtering Network Traffic

ACLs can also filter network traffic by traffic type. For example, an ACL can permit email traffic but block all Telnet traffic. In the same way an ACL can permit or deny hosts access to particular network services, such as FTP or HTTP, by matching on the protocol and port number.

By default a router has no ACLs configured, so it does not filter traffic: every packet that enters the router is forwarded purely according to the routing table. Once an ACL is configured and applied to an interface, the router checks each packet that crosses that interface against the list to decide whether it can be forwarded. The entries are evaluated from the top down and the first matching entry decides; if no entry matches, the packet is dropped by the implicit deny at the end of every Cisco ACL, so the order of the entries matters. Beyond permitting or denying specific types of traffic, ACLs can also classify traffic so that it receives priority processing.
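The evaluation described above, as an added example that is not part of the original page and not Cisco's code: a small Python model of how a router walks a standard or an extended ACL. Entries use Cisco's address syntax (`any`, `host A.B.C.D`, or an address followed by a wildcard mask), are checked in order, and the first match decides; when nothing matches, the implicit deny that ends every Cisco ACL drops the packet. The ACL numbers, addresses, ports and packets are constructed for illustration, and the `Packet` and `Entry` classes are hypothetical helpers, not IOS data structures.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Packet:
    """The packet fields that a standard or extended ACL can test (hypothetical helper)."""
    proto: str                   # "tcp", "udp", "icmp", ...
    src: str                     # source IPv4 address
    dst: str                     # destination IPv4 address
    dport: Optional[int] = None  # destination port, for tcp/udp


@dataclass
class Entry:
    """One access control entry, in the order it appears in the ACL (hypothetical helper)."""
    action: str                  # "permit" or "deny"
    src: str                     # "any", "host 10.0.0.5", or "10.0.0.0 0.0.0.255"
    proto: str = "ip"            # a standard ACL only tests the source address
    dst: str = "any"             # an extended ACL also tests destination and port
    dport: Optional[int] = None


def match_addr(spec: str, addr: str) -> bool:
    """Match an address against Cisco's 'any' / 'host X' / 'X wildcard' syntax."""
    if spec == "any":
        return True
    parts = spec.split()
    a = int(ipaddress.IPv4Address(addr))
    if parts[0] == "host":
        return a == int(ipaddress.IPv4Address(parts[1]))
    base = int(ipaddress.IPv4Address(parts[0]))
    wildcard = int(ipaddress.IPv4Address(parts[1]))
    # In a wildcard mask a 1 bit means "don't care"; only the 0 bits must match.
    care = 0xFFFFFFFF ^ wildcard
    return (a & care) == (base & care)


def evaluate(acl: List[Entry], pkt: Packet) -> Tuple[str, Optional[int]]:
    """Walk the ACL top-down and return (action, index of the matching entry).

    The first matching entry decides; later entries are never consulted.
    If no entry matches, the result is the implicit 'deny any' that ends
    every Cisco ACL, reported here with index None.
    """
    for i, e in enumerate(acl):
        if e.proto != "ip" and e.proto != pkt.proto:
            continue
        if not match_addr(e.src, pkt.src) or not match_addr(e.dst, pkt.dst):
            continue
        if e.dport is not None and e.dport != pkt.dport:
            continue
        return e.action, i
    return "deny", None


# Constructed standard ACL (numbered 1-99 on IOS): source address only.
# Equivalent IOS line:  access-list 10 permit host 192.168.1.10
# Applied outbound on the interface facing a server segment, it lets one host
# reach that segment and, through the implicit deny, blocks every other host.
STANDARD_10 = [
    Entry("permit", "host 192.168.1.10"),
]

# Constructed extended ACL (numbered 100-199): protocol, addresses and port.
# Equivalent IOS lines:
#   access-list 110 permit tcp 192.168.1.0 0.0.0.255 any eq 25
#   access-list 110 deny   tcp any any eq 23
#   access-list 110 permit ip any any
EXTENDED_110 = [
    Entry("permit", "192.168.1.0 0.0.0.255", proto="tcp", dport=25),  # email (SMTP)
    Entry("deny", "any", proto="tcp", dport=23),                        # Telnet
    Entry("permit", "any", proto="ip"),                                 # everything else
]

# The same entries in the wrong order: the blanket permit shadows the Telnet deny.
MISORDERED_110 = [EXTENDED_110[2], EXTENDED_110[0], EXTENDED_110[1]]


def demo() -> None:
    lan_host, server = "192.168.1.7", "10.0.0.25"
    print(evaluate(STANDARD_10, Packet("tcp", "192.168.1.10", server, 80)))  # permitted host
    print(evaluate(STANDARD_10, Packet("tcp", lan_host, server, 80)))        # implicit deny
    print(evaluate(EXTENDED_110, Packet("tcp", lan_host, server, 25)))       # email permitted
    print(evaluate(EXTENDED_110, Packet("tcp", lan_host, server, 23)))       # Telnet denied
    print(evaluate(MISORDERED_110, Packet("tcp", lan_host, server, 23)))     # Telnet leaks through


if __name__ == "__main__":
    demo()
```

The misordered list is the check worth running before applying any ACL to an interface: a `permit ip any any` placed above a deny makes that deny unreachable, and an ACL consisting only of deny entries blocks all traffic because of the implicit deny at the end.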